Allowing recursive queries of 'static-stub' zones
Enrico Scholz
enrico.scholz at sigma-chemnitz.de
Thu Jan 29 16:27:24 UTC 2015
Matus UHLAR - fantomas <uhlar at fantomas.sk> writes:
>>I am trying to setup a nameserver which:
>>
>>a) allows recursive queries from certain clients only, but
>>
>>b) provides responses for a static-stub zone (which is used to return
>> PTR records for an RFC2317 setup)
>>
>>Although I have set 'allow-query { any; };' in the static-stub zone, I
>>get a REFUSED for clients not enabled in a).
> [...]
>>How can I enable recursive queries for 'static-stub' zones?
>
> static-stub only points server to other servers to look up, therefore it
> needs recursion too.
ok; some more details. I have a '31-24.2.1.10.in-addr.arpa.' RFC2317 zone
and my DNS server is authoritative for it (obfuscated; this corresponds to
"localhost" zone in my initial example). This zone can be queried from
everywhere.
This server must allow recursive queries from internal clients (those
in the global 'allow-query' list) and it must be able to resolve
'25.2.1.10.in-addr.arpa.' and the other ip addresses from this range.
Although not strictly necessary, resolving of '25.2.1.10.in-addr.arpa.'
should be possible from outside (--> not covered by global allow-query
list) too.
> Do you want to provice RFC2318 zones for anyont or just for your
> clients? In the latter case the allow-recursion should help you for
> both cases, you don't need to specify allow-query.
I guess, I want the first case...
Enrico
More information about the bind-users
mailing list